Installation

barbicanclient - Python Library

Here’s an example of storing a secret in barbican using the python library
with keystone authentication:

>>>fromkeystoneclient.authimportidentity>>>fromkeystoneauth1importsession>>>frombarbicanclientimportclient>>># We'll use Keystone API v3 for authentication>>>auth=identity.v3.Password(auth_url=u'http://localhost:5000/v3',...username=u'admin_user',...user_domain_name=u'Default',...password=u'password',...project_name=u'demo',...project_domain_name=u'Default')>>># Next we'll create a Keystone session using the auth plugin we just created>>>sess=session.Session(auth=auth)>>># Now we use the session to create a Barbican client>>>barbican=client.Client(session=sess)>>># Let's create a Secret to store some sensitive data>>>secret=barbican.secrets.create(name=u'Self destruction sequence',...payload=u'the magic words are squeamish ossifrage')>>># Now let's store the secret by using its store() method. This will send the secret data>>># to Barbican, where it will be encrypted and stored securely in the cloud.>>>secret.store()u'http://localhost:9311/v1/secrets/85b220fd-f414-483f-94e4-2f422480f655'>>># The URI returned by store() uniquely identifies your secret in the Barbican service.>>># After a secret is stored, the URI is also available by accessing>>># the secret_ref attribute.>>>print(secret.secret_ref)http://localhost:9311/v1/secrets/091adb32-4050-4980-8558-90833c531413>>># When we need to retrieve our secret at a later time, we can use the secret_ref>>>retrieved_secret=barbican.secrets.get(u'http://localhost:9311/v1/secrets/091adb32-4050-4980-8558-90833c531413')>>># We can access the secret payload by using the payload attribute.>>># Barbican decrypts the secret and sends it back.>>>print(retrieved_secret.payload)themagicwordsaresqueamishossifrage